OSV
added 2024/07/29 4:38 p.m. · 11 views

GHSA-5VRP-638W-P8M2 Magento LTS vulnerable to stored Cross-site Scripting (XSS) in admin system configs

Impact: This XSS vulnerability concerns the system configs design/header/welcome, design/header/logosrc, design/header/logosrcsmall and design/header/logoalt. They are intended to enable admins to set a text in the two cases, and to define an image URL for the other two cases. But because of previously...

CVSS 5.1 · AI score 4.5 · EPSS 0.0034
Exploits 0 · References 4
NVD
added 2024/07/29 3:15 p.m. · 24 views

CVE-2024-41676

Magento-lts is a long-term support alternative to Magento Community Edition (CE). This XSS vulnerability affects the design/header/welcome, design/header/logosrc, design/header/logosrcsmall, and design/header/logoalt system configs. They are intended to enable admins to set a text in the two cases,...

CVSS 4.8 · EPSS 0.0034
Exploits 0 · References 2
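The two Magento LTS entries above describe four admin system configs, two meant to hold text and two an image URL, that end up rendered in the storefront header. The Python below is an added example and not Magento LTS code (which is PHP): it puts the unsafe rendering pattern beside a per-config sanitizer that HTML-escapes the text configs and restricts the URL configs to http, https or a relative path before attribute-escaping them. The four config paths come from the advisory; the function names, the header markup and the text/URL split are assumptions for illustration.

```python
import html
from urllib.parse import urlparse

# Config paths named in the advisory. Which ones hold text and which hold
# an image URL follows the advisory's description of their intended use
# (assumption for this example).
TEXT_CONFIGS = {"design/header/welcome", "design/header/logoalt"}
URL_CONFIGS = {"design/header/logosrc", "design/header/logosrcsmall"}
ALLOWED_SCHEMES = {"http", "https", ""}   # "" = relative path such as /media/logo.png


def render_header_unsafe(welcome: str, logosrc: str, logoalt: str) -> str:
    """The flaw pattern: admin-supplied config values interpolated into HTML as-is."""
    return f'<span class="welcome">{welcome}</span><img src="{logosrc}" alt="{logoalt}">'


def sanitize_config(path: str, value: str) -> str:
    """Validate and escape one config value according to its intended type.

    Text configs are HTML-escaped with quotes included, so the result is safe
    both as element text and inside an attribute. URL configs must use http or
    https or be relative; any other scheme (javascript:, data:, ...) is rejected
    before the value can reach a page, and the accepted URL is attribute-escaped
    so a stray quote cannot break out of src="...".
    """
    if path in TEXT_CONFIGS:
        return html.escape(value, quote=True)
    if path in URL_CONFIGS:
        url = value.strip()
        scheme = urlparse(url).scheme.lower()
        if scheme not in ALLOWED_SCHEMES:
            raise ValueError(f"{path}: URL scheme {scheme!r} is not allowed")
        return html.escape(url, quote=True)
    raise KeyError(f"unknown config path: {path}")


def render_header_safe(welcome: str, logosrc: str, logoalt: str) -> str:
    """Same markup as the unsafe version, built only from sanitized values."""
    return '<span class="welcome">{}</span><img src="{}" alt="{}">'.format(
        sanitize_config("design/header/welcome", welcome),
        sanitize_config("design/header/logosrc", logosrc),
        sanitize_config("design/header/logoalt", logoalt),
    )


def is_accepted_url(path: str, value: str) -> bool:
    """Convenience wrapper: would sanitize_config accept this URL config value?"""
    try:
        sanitize_config(path, value)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    # Constructed attacker-style values for a quick manual run.
    attribute_breakout = 'x" onerror="alert(1)'
    print(render_header_unsafe("Welcome", attribute_breakout, "logo"))
    print(render_header_safe("Welcome", attribute_breakout, "logo"))
    print(is_accepted_url("design/header/logosrc", "javascript:alert(1)"))
```

Note that protocol-relative values such as `//cdn.example/logo.png` pass the scheme check because they parse with an empty scheme; tighten ALLOWED_SCHEMES or add a host allow-list if that is not wanted. The escaping is the same for both config types; what differs is that a URL config is validated first, because escaping alone would still let `javascript:alert(1)` through as a perfectly well-formed src attribute.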
OSV
added 2024/07/29 3:15 p.m. · 6 views

AZL-47489 CVE-2024-41038 affecting package kernel for versions less than 6.6.43.1-7

In the Linux kernel, the following vulnerability has been resolved: firmware: cs_dsp: Prevent buffer overrun when processing V2 alg headers. Check that all fields of a V2 algorithm header fit into the available firmware data buffer. The wmfw V2 format introduced variable-length strings in the...

CVSS 5.5 · AI score 6.2 · EPSS 0.00274
Exploits 0 · References 1
Positive Technologies
added 2024/07/29 12:00 a.m. · 5 views

PT-2024-6666

Name of the Vulnerable Software and Affected Versions: Qualcomm Multiple Chipsets (affected versions not specified)
Description: The issue is related to a use-after-free vulnerability in the Digital Signal Processor (DSP) service of Qualcomm chipsets, which can lead to memory corruption while...

CVSS 7.8 · AI score 7.2 · EPSS 0.00673
Exploits 0 · References 150
Patchstack
added 2024/07/29 12:00 a.m. · 20 views

WordPress FluentForm Plugin <= 5.1.19 is vulnerable to Cross Site Scripting (XSS)

Software: FluentForm · Type: Plugin · Vulnerable versions: <= 5.1.19 · Fixed in: 5.1.20 · OWASP Top 10: A7 Cross-Site Scripting (XSS) · Classification: Cross Site Scripting (XSS) · CVE: CVE-2024-6520 · Patch priority: Low · CVSS severity: Low (5.9) · PSID: 8737e12493c8 · Credits: Joel Indra Yoel Indra...

CVSS 5.5 · AI score 5.8 · EPSS 0.003
Exploits 0 · References 3 · Affected Software 1
OSV
added 2024/07/26 2:46 p.m. · 3 views

CVE-2024-41670 PayPal Official Module for PrestaShop has Improperly Implemented Security Check for Standard

In the module "PayPal Official" for PrestaShop 7+ releases prior to version 6.4.2 and for PrestaShop 1.6 releases prior to version 3.18.1, a malicious customer can confirm an order even if payment is finally declined by PayPal. A logical weakness during the capture of a payment in case of disable...

CVSS 7.5 · AI score 6.7 · EPSS 0.00388
Exploits 0 · References 3
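The PrestaShop PayPal entry above describes an order that gets confirmed even though PayPal finally declines the payment. The Python below is an added example, not the module's code (which is PHP): it contrasts a capture handler that confirms the order as soon as any capture response comes back with one that confirms only when the response reports a completed capture whose amount and currency match the order, records a payment error otherwise, and refuses to re-decide an order that has already left the awaiting state. The response dictionaries are constructed for the example and only loosely follow the shape of a gateway capture result; the Order class and its state names are assumptions.

```python
from dataclasses import dataclass, field
from decimal import Decimal, InvalidOperation


@dataclass
class Order:
    reference: str
    amount: str            # decimal string, as a gateway would echo it back
    currency: str
    state: str = "awaiting_payment"
    history: list = field(default_factory=list)


def vulnerable_on_capture(order: Order, capture: dict) -> str:
    """The flaw pattern: the order is confirmed because a capture response
    arrived at all. The gateway's status is recorded but never consulted, so a
    declined capture still moves the order to 'payment_accepted'."""
    order.history.append(capture.get("status"))
    order.state = "payment_accepted"
    return order.state


def _amount_matches(order: Order, amount: dict) -> bool:
    """Compare amounts as decimals so '49.9' and '49.90' are equal, and
    treat anything unparsable as a mismatch rather than an exception."""
    try:
        return (Decimal(str(amount.get("value"))) == Decimal(order.amount)
                and amount.get("currency_code") == order.currency)
    except (InvalidOperation, TypeError):
        return False


def hardened_on_capture(order: Order, capture: dict) -> str:
    """Confirm only on a completed capture that matches the order."""
    if order.state != "awaiting_payment":
        # Already decided: a repeated or out-of-order callback must not
        # re-open the order or confirm it a second time.
        return order.state
    status = capture.get("status")
    order.history.append(status)
    if status == "COMPLETED" and _amount_matches(order, capture.get("amount", {})):
        order.state = "payment_accepted"
    else:
        order.state = "payment_error"
    return order.state


# Constructed sample responses for the example (not real PayPal payloads).
CAPTURE_OK = {"status": "COMPLETED", "amount": {"value": "49.90", "currency_code": "EUR"}}
CAPTURE_DECLINED = {"status": "DECLINED", "amount": {"value": "49.90", "currency_code": "EUR"}}
CAPTURE_SHORT = {"status": "COMPLETED", "amount": {"value": "0.01", "currency_code": "EUR"}}
CAPTURE_WRONG_CURRENCY = {"status": "COMPLETED", "amount": {"value": "49.90", "currency_code": "USD"}}


def demo() -> dict:
    """Run each constructed response through both handlers on a fresh order and
    return {name: (vulnerable_state, hardened_state)}."""
    results = {}
    cases = [("ok", CAPTURE_OK), ("declined", CAPTURE_DECLINED),
             ("short", CAPTURE_SHORT), ("wrong_currency", CAPTURE_WRONG_CURRENCY)]
    for name, response in cases:
        vulnerable = Order("A1", "49.90", "EUR")
        hardened = Order("A1", "49.90", "EUR")
        results[name] = (vulnerable_on_capture(vulnerable, response),
                         hardened_on_capture(hardened, response))
    return results


def demo_repeat_callback() -> str:
    """A declined capture followed by a completed one must not flip a decided order."""
    order = Order("A2", "49.90", "EUR")
    hardened_on_capture(order, CAPTURE_DECLINED)
    return hardened_on_capture(order, CAPTURE_OK)


if __name__ == "__main__":
    for name, (vuln_state, safe_state) in demo().items():
        print(f"{name:15} vulnerable={vuln_state:17} hardened={safe_state}")
    print("repeat callback:", demo_repeat_callback())
```

The general rule the hardened handler follows is that the gateway's verdict, not the mere fact of a round trip, is the only input that may move an order into a paid state, and that the transition happens once. In a real integration the status and amount should come from the server-to-server capture response or a verified notification, never from parameters the customer's browser submits on return.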
NVD
added 2024/07/25 10:15 p.m. · 17 views

CVE-2024-3938

The "reset password" login page accepted an HTML injection via URL parameters. This has already been rectified via patch, and as such it cannot be demonstrated via the Demo site link. Those interested to see the vulnerability may spin up a...

CVSS 6.1 · EPSS 0.00239
Exploits 0 · References 1
OSV
added 2024/07/25 10:15 p.m. · 13 views

CVE-2024-3938

The "reset password" login page accepted an HTML injection via URL parameters. This has already been rectified via patch, and as such it cannot be demonstrated via the Demo site link. Those interested to see the vulnerability may spin up a...

CVSS 6.1 · AI score 6.7
Exploits 0 · References 1
CVE
added 2024/07/25 4:12 p.m. · 51 views

CVE-2024-41800

Craft CMS 5 is affected by a TOTP re-use vulnerability. Versions 5.0.0-beta.1 through 5.2.2 allow an attacker who knows the victim's credentials to resubmit a valid TOTP token within its validity period and establish an authenticated session. The issue has been patched in Craft 5.2.3; users shoul...

CVSS 7.5 · AI score 5 · EPSS 0.00433
Exploits 0 · References 4 · Affected Software 1
Cvelist
added 2024/07/25 4:12 p.m. · 17 views

CVE-2024-41800 Craft CMS Allows TOTP Token To Stay Valid After Use

Craft is a content management system (CMS). Craft CMS 5 allows reuse of TOTP tokens multiple times within the validity period. An attacker is able to re-submit a valid TOTP token to establish an authenticated session. This requires that the attacker has knowledge of the victim's credentials. This h...

CVSS 4.8 · EPSS 0.00433
Exploits 0 · References 4
OSV
added 2024/07/25 4:12 p.m. · 22 views

CVE-2024-41800 Craft CMS Allows TOTP Token To Stay Valid After Use

Craft is a content management system (CMS). Craft CMS 5 allows reuse of TOTP tokens multiple times within the validity period. An attacker is able to re-submit a valid TOTP token to establish an authenticated session. This requires that the attacker has knowledge of the victim's credentials. This h...

CVSS 4.8 · AI score 7.3 · EPSS 0.00433
Exploits 0 · References 6
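The three Craft CMS entries above describe a TOTP token that stays valid after it has been used, so an attacker holding the victim's password can replay a captured code within its validity window. The Python below is an added example and not Craft's code: it implements RFC 4226 HOTP and RFC 6238 TOTP with HMAC-SHA1 and contrasts a stateless verifier, which accepts the same correct code every time it is presented inside the window, with one that records the last accepted time step per user and refuses that step or any earlier one. The class and function names, the 30-second step and the one-step tolerance on each side are assumptions; the demo secret is the sample secret from the RFCs, used here as constructed input.

```python
import hashlib
import hmac
import struct
import time

STEP = 30     # assumed time step in seconds (the common TOTP default)
WINDOW = 1    # assumed tolerance: the current step plus one step on each side


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the big-endian counter, then dynamic truncation."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return f"{code % (10 ** digits):0{digits}d}"


def totp(secret: bytes, at: float, digits: int = 6) -> str:
    """RFC 6238 TOTP: HOTP with the counter derived from Unix time."""
    return hotp(secret, int(at // STEP), digits)


def _matching_step(secret: bytes, code: str, at: float):
    """Return the time step inside the window whose code equals `code`, else None.
    Comparison is constant-time; the loop itself runs over every step so timing
    does not leak which step matched."""
    current = int(at // STEP)
    found = None
    for step in range(current - WINDOW, current + WINDOW + 1):
        if hmac.compare_digest(hotp(secret, step), code) and found is None:
            found = step
    return found


class StatelessVerifier:
    """The vulnerable pattern: a correct code is accepted every time it is
    presented while still inside the window, so a captured code can be replayed
    to open a second authenticated session."""

    def verify(self, user: str, secret: bytes, code: str, at: float = None) -> bool:
        at = time.time() if at is None else at
        return _matching_step(secret, code, at) is not None


class ReplaySafeVerifier:
    """Remembers the last accepted time step per user. A code for that step, or
    any earlier one, is refused even though it is still arithmetically valid."""

    def __init__(self):
        # user -> last accepted step. In production this lives in the user
        # record and is updated with a compare-and-set so two concurrent
        # logins cannot both consume the same code.
        self._last_step = {}

    def verify(self, user: str, secret: bytes, code: str, at: float = None) -> bool:
        at = time.time() if at is None else at
        step = _matching_step(secret, code, at)
        if step is None:
            return False
        if step <= self._last_step.get(user, -1):
            return False          # replay of an already-consumed code
        self._last_step[user] = step
        return True


# Sample secret from RFC 4226 / RFC 6238, used as constructed demo input.
DEMO_SECRET = b"12345678901234567890"


def demo() -> dict:
    """Present the step-1 code at t=59, replay it at t=70 (still inside the
    window), then present a fresh code at t=95 (step 3)."""
    code = totp(DEMO_SECRET, 59)
    stateless, safe = StatelessVerifier(), ReplaySafeVerifier()
    return {
        "stateless_first": stateless.verify("alice", DEMO_SECRET, code, 59),
        "stateless_replay": stateless.verify("alice", DEMO_SECRET, code, 70),
        "safe_first": safe.verify("alice", DEMO_SECRET, code, 59),
        "safe_replay": safe.verify("alice", DEMO_SECRET, code, 70),
        "safe_next_step": safe.verify("alice", DEMO_SECRET, totp(DEMO_SECRET, 95), 95),
    }


if __name__ == "__main__":
    for name, accepted in demo().items():
        print(f"{name:17} {accepted}")
```

The replay check is per user and keyed on the time step rather than on the code string, which is what RFC 6238 recommends: it also rejects an older code that happens to still fall inside the tolerance window after a newer one has been accepted. The last-step value must survive restarts and be updated atomically, otherwise two requests racing with the same code can both pass.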
Positive Technologies
added 2024/07/25 12:00 a.m. · 5 views

PT-2024-5257 · Amazon · Aws S3

Name of the Vulnerable Software and Affected Versions: Open edX Platform versions master, palm, olive, nutmeg, maple, lilac, koa, or juniper
Description: The issue is related to inadequate access control in the Open edX Platform, specifically with the AWS S3 Bucket Handler component. This may all...

CVSS 5.3 · AI score 7 · EPSS 0.00331
Exploits 0 · References 9
Positive Technologies
added 2024/07/24 12:00 a.m. · 5 views

PT-2024-29491 · Vnote · Vnote

Name of the Vulnerable Software and Affected Versions: VNote versions 3.18.1 and prior
Description: A Cross-Site Scripting (XSS) vulnerability has been identified in the Markdown rendering functionality of the VNote note-taking application. This issue allows the injection and execution of arbitrary...

CVSS 9.6 · AI score 7.2 · EPSS 0.01577
Exploits 1 · References 8
Tenable Nessus
added 2024/07/24 12:00 a.m. · 14 views

Photon OS 5.0: Curl PHSA-2023-5.0-0054

An update of the curl package has been released. ...

AI score 6.6
Exploits 0 · References 2
Positive Technologies
added 2024/07/24 12:00 a.m. · 4 views

PT-2024-37849 · WordPress · Social Auto Poster

Name of the Vulnerable Software and Affected Versions: Social Auto Poster plugin for WordPress versions up to, and including, 5.3.14
Description: The issue is related to Stored Cross-Site Scripting via the mapTypes parameter in the 'wpw_auto_poster_map_wordpress_post_type' AJAX function due to...

CVSS 7.2 · AI score 6.3 · EPSS 0.00782
Exploits 0 · References 6
Tenable Nessus
added 2024/07/24 12:00 a.m. · 23 views

Photon OS 3.0: Nxtgn PHSA-2023-3.0-0606

An update of the nxtgn package has been released. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2023-3.0-0606. The text itself is copyright (C) VMware, Inc. ...

CVSS 6.5 · AI score 7.8 · EPSS 0.73461
Exploits 0 · References 2
Tenable Nessus
added 2024/07/24 12:00 a.m. · 15 views

Photon OS 3.0: Imagemagick PHSA-2022-3.0-0449

An update of the ImageMagick package has been released. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2022-3.0-0449. The text itself is copyright (C) VMware, Inc. ...

CVSS 7.1 · AI score 6.9 · EPSS 0.00552
Exploits 1 · References 2
Tenable Nessus
added 2024/07/24 12:00 a.m. · 13 views

Photon OS 3.0: Sqlite PHSA-2024-3.0-0712

An update of the sqlite package has been released. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2024-3.0-0712. The text itself is copyright (C) VMware, Inc. ...

CVSS 7.3 · AI score 6.2 · EPSS 0.01249
Exploits 1 · References 2
Tenable Nessus
added 2024/07/24 12:00 a.m. · 16 views

Photon OS 3.0: Pkg PHSA-2022-3.0-0507

An update of the pkg package has been released. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2022-3.0-0507. The text itself is copyright (C) VMware, Inc. ...

CVSS 5.5 · AI score 7 · EPSS 0.00531
Exploits 1 · References 2
Tenable Nessus
added 2024/07/24 12:00 a.m. · 17 views

Photon OS 3.0: Nginx PHSA-2023-3.0-0606

An update of the nginx package has been released. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2023-3.0-0606. The text itself is copyright (C) VMware, Inc. ...

CVSS 5.3 · AI score 7.2 · EPSS 0.00321
Exploits 0 · References 2